[SOLVED] Escaping symbols for mysql queries.

[Rohlan]

Hi.

 

This is my code, it queries the database to try and find the speficied email on my mysql table.

 

$sql2="SELECT * FROM noticias WHERE id='1' AND lista_emails LIKE %".$rows['email']."%"; 

 

I get an error, saying:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@com.com' at line 1

 

I guess I need to escape the @ symbol, how do I do this?

[Silverado_NL]

try enclosing the value with brackets.

like this

 

$sql2="SELECT * FROM noticias WHERE id='1' AND lista_emails LIKE '%".$rows['email']."%' "; 

 

 

instead of

 

$sql2="SELECT * FROM noticias WHERE id='1' AND lista_emails LIKE %".$rows['email']."%"; 

[The Little Guy]

It wasn't working because you don't have quotes around your email.

Also, you may want to use mysql_real_escape_string to secure your database.

 

 

$email = mysql_real_escape_string($rows['email']);
$sql2="SELECT * FROM noticias WHERE id='1' AND lista_emails LIKE '%$email%'";

[Rohlan]

Thanks Silverado_NL, that fixed it

 

Thanks for you too The Little Guy, however this is just an internal script I need to run locally.